FKIE_CVE-2015-5737

Vulnerability from fkie_nvd - Published: 2015-09-03 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.
References
cve@mitre.orghttp://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
cve@mitre.orghttp://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html
cve@mitre.orghttp://seclists.org/fulldisclosure/2015/Sep/0
cve@mitre.orghttp://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities
cve@mitre.orghttp://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlientVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/536369/100/0/threaded
cve@mitre.orghttp://www.securitytracker.com/id/1033439
af854a3a-2127-422b-91ae-364da2661108http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/Sep/0
af854a3a-2127-422b-91ae-364da2661108http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities
af854a3a-2127-422b-91ae-364da2661108http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlientVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/536369/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033439
Impacted products
Vendor Product Version
fortinet forticlient *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7123E6A7-54BE-4406-9B1A-EF3E5B367601",
              "versionEndIncluding": "5.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los drivers (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys y (5) Fortishield.sys en Fortinet FortiClient en versiones anteriores a 5.2.4, no restringe adecuadamente el acceso a la API para la gesti\u00f3n de procesos y el registro de Windows, lo que permite a usuarios locales obtener un identificador con privilegios a un PID y posiblemente tener otro impacto no especificado, como se demuestra por una llamada ioctl en 0x2220c8."
    }
  ],
  "id": "CVE-2015-5737",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-03T14:59:07.680",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2015/Sep/0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/536369/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1033439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2015/Sep/0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/536369/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033439"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.